Yesterday, researchers from Palo Alto Networks’ Unit 42 published their discovery of never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters. While Hildegard, first detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the campaign may still be in the reconnaissance and weaponization stage. Eventually, they warn, TeamTNT may launch a larger-scale cryptojacking attack via Kubernetes environments or steal data from applications running in Kubernetes clusters.
<p>Kubernetes is extremely powerful and a new foundation of IT strategy, but it is not immune to malware, vulnerabilities and exploitation. Indeed, the dynamics, agility and scale that make it attractive to run scaled workloads at a moment’s notice also make it an attractive target for exploitation. While many attacks to date have focused on cryptomining, with the growing utilization of Kubernetes across industry, it will continue to be a focus of attack. The nature of this malware evidences that managing risk when running Kubernetes applications has to go beyond dependence on the bare minimum infrastructure-level controls like TLS and container encryption, and shift to data-centric security for sensitive personal data. This has proven highly effective over the last decade, with new techniques like stateless data tokenization taking strategic prominence with industry-leading enterprises. The good news is that this is available for cloud-native/Kubernetes ecosystems today and ready to mitigate threats while letting enterprises get on with digital transformation at full throttle without breach risks getting in the way.</p>